556 matches found
EUVD-2020-28327
Malware in sbrugna...
EUVD-2020-28310
Malware in sbrugna...
EUVD-2020-17368
Malware in sbrugna...
EUVD-2020-28318
Malware in sbrugna...
EUVD-2020-28301
Malware in sbrugna...
EUVD-2020-19110
Malware in sbrugna...
EUVD-2020-28305
Malware in sbrugna...
EUVD-2020-28283
Malware in sbrugna...
EUVD-2020-28322
Malware in sbrugna...
EUVD-2020-28294
Malware in sbrugna...
EUVD-2024-16505
Malicious code in bioql PyPI...
EUVD-2024-46974
Malicious code in bioql PyPI...
EUVD-2023-56305
Malicious code in bioql PyPI...
EUVD-2022-51508
Malicious code in bioql PyPI...
EUVD-2022-2197
Malicious code in bioql PyPI...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data
Summary ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
Expression Language Injection
Overview Affected versions of this package are vulnerable to Expression Language Injection in the GatewayEvaluationContext method, which allows property modification that in turn enables code execution. Only Webflux applications are vulnerable, not WebMVC applications. Additionally, the following...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile
CVE-2025-4428 & CVE-2025-4427 CVE-2025-4428 is a post-auth re...